Re: sendmail question

2007-12-01 Thread Philip Guenther
On Nov 30, 2007 10:25 AM, Toni Mueller [EMAIL PROTECTED] wrote:
...
 I have a box that serves as a VPN gateway:

 N1 --- box in question -- Internet --- other gateway --- N2

 N1 = 192.168.2.0/24
 N2 = 192.168.1.0/24
...
 Now, I'd like to send mail, e.g. the usual daily reports, via the tunnel
 to a mail server in N2. There is also no other way to reach that mail
 server except via the tunnel, and of course, I want the information
 transferred to be protected from prying eyes. In the various sendmail
 configuration files, I've placed statements similar to

O ClientPortOptions=Family=inet, Address=192.168.2.5
 and
DS [192.168.1.10]


 Unfortunately, sending mail that way fails because Sendmail insists on
 using the IP address of the interface going out to the Internet.

Not only that, but something is broken in your MUA that resulted in
the log entries you included that showed the above being cut off and
lost.

As is, your sendmail setup looks right to me.  Are you able to telnet
from that machine with those source and destination addresses?
telnet -b 192.168.2.5 192.168.1.10 25

If that doesn't go through, then the problem is your network level
setup (routing, filtering, etc) and not your sendmail setup at all.
If that telnet does work, well, you _did_ remember to restart sendmail
after changing the sendmail.cf, right?


Philip Guenther



Re: RTL8185 wireless support?

2007-12-01 Thread Jonathan Gray
On Fri, Nov 30, 2007 at 11:42:53PM -0500, Frank Bax wrote:
 TP-LINK 802.11g/b pci cards (model TL-WN353G) are on sale; so I got one.
 Chipset is marked RTL8185L.

 I found a reference to RTL8185 in CVS, but I'm not clear on what the Sep5 
 comments for if_rtw_pci.c are saying?  It either says:
 a) RTL8185 was supported, but now only if RTW_DEBUG is set?
 b) RTL8185 was supported with RTW_DEBUG, but now??

RTL8185 support was started but could not be finished due
to lack of information on the radios.



Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]

2007-12-01 Thread Mark Thomas
On Nov 30, 2007 11:50 AM, Pau Amaro-Seoane [EMAIL PROTECTED] wrote:
 Hi,

 I am having the same issue. Have you succeeded at waking up the video?

 Pau

No I never got it working. I went back to 4.1.

-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments



progress report on make

2007-12-01 Thread Marc Espie
Well, it's time for an update on how things are going in make-land.
The initial pass at getting make -j in shape was enough to get it to
work in most cases. As usual, when you start down an unused code path,
it also uncovered a lot of issues, some of them fairly small, others
really big.

If you read through src-change, after the initial switch to building
stuff correctly one command at a time through -j, and getting the pipes
to do sensible things, quite a few things happened:
- I started keeping track of items very carefully, so that I could figure
out when make failed, and where.
- I started trying to give out decent error messages. That part is not
perfect yet, the messages are often fragmented as they happened `long'
after the initial error has happened.
- there was some fiddling with variables to allow further changes.
- we got to have Suff_FindDeps be lazy, to give it a better chance to work
with files that just got created (and this involved decoupling wildcard
expansion from Suff_FindDeps).

Along with other details, and one or two nasty bugs along the way.

At the same time, we made great progress in getting make build to work 
with -j.  We're to the point where it proceeds successfully most of the
time. There are still a few races that show up, always in the same 
directories... afs and perl are most likely failure points. There are still
oddities in binutils and gcc, and I've uncovered a new one in lynx...

All in all, I can build my src/ on my bi-pro in 2/3 of the time it used to
take. But sometimes it fails half-way through.

So far, xenocara builds flawlessly. But it is not that useful, since it
spends a lot of time in linear configury... the machine that benefits the
most would probably be miod's mvme88k, since the compile speed itself makes
a huge difference.

There are still things to do. Sometimes, parallel make stops because it can't
figure out how to build a given target, whereas sequential make does not.
It's because parallel make is greedy and explores its graph of targets as
deep as it can. I could try to make it lazier, but in this case, it's the
wrong approach: make does not know (yet) how to map its targets to the file
system, so if you're in WRKSRC/bin, and you try to build ../bin/autom4te,
it does not realize it is the same as autom4te.

(Quite a few ports actually build fine in parallel mode already, and the
infrastructure proper is fully parallel-capable, but then this was
redesigned specifically that way when I started working on it, so it is
not a big surprise.)


This is a problem I've been aware of for a very long time actually (probably
at least 3 or 4 years). It is a complicated issue, but it is the issue we
need to fix now.

I could possibly try the `laziness' fix first (if we don't know how to build
the target, build everything else, and then come back to it), but this
is just postponing the fix... and making it harder, because test cases would
occur much less often.



Re: PCI ID rules to be included in pcidevs

2007-12-01 Thread Karl Sjodahl - dunceor
On Nov 30, 2007 11:31 AM, Daniel Ouellet [EMAIL PROTECTED] wrote:
 Quick question on the rules of this if I may.

 What are the rules, or criteria, used to determine when a new PCI ID can be put
 in the pcidevs in the tree?

 If I find new IDs, do they need to be verified by users first, etc?

 In looking at my SAS problem, I find that Symbios Logic may have

 0x0066 Symbios Logic Inc. / NCR|MegaRAID SCSI 320-2XRWS

 And that ID is not in the tree yet. So, to be included there, do you
 need the data sheet or something from the company, or you put them as
 possible one and finalize them when the hardware is tested, or what's
 the process for that?

 What do you require if I come across others like that, to be useful?

 Best,

 Daniel



Usually, from what I have seen, only a diff is needed.
The thing is that if nobody is working on a driver, or it is just
something that is known not to work, there is no reason for including
the ID.
Otherwise it would be good for testing.

Do a diff, send it in, see if any of the developers commit it. It's
as easy as that.

BR
dunceor



Re: sendmail question

2007-12-01 Thread Toni Mueller
Hi,

On Sat, 01.12.2007 at 01:32:07 -0700, Philip Guenther [EMAIL PROTECTED] wrote:
 Not only that, but something is broken in your MUA that resulted in
 the log entries you included that showed the above being cut off and
 lost.

I'm not sure what you mean, exactly, but I broke the quote out of the
thread wrt. replacing sendmail with qmail, but didn't want to hijack
a thread. Therefore I deleted headers like References:.

 As is, your sendmail setup looks right to me.  Are you able to telnet
 from that machine with those source and destination addresses?
 telnet -b 192.168.2.5 192.168.1.10 25

Yes, that works very nicely.

 If that telnet does work, well, you _did_ remember to restart sendmail
 after changing the sendmail.cf, right?

Yes. I've first tried to configure this a few years ago, and done some
upgrades in the meantime. As the problem persists, I worked around it
by not using sendmail, but this is not an ideal solution, and I thought
the sendmail fans on the list could simply show off their superiority.

;-)


Best,
--Toni++



Re: Replace sendmail with qmail?

2007-12-01 Thread Toni Mueller
Hi,

On Fri, 30.11.2007 at 14:03:36 -0600, Marco Peereboom [EMAIL PROTECTED] wrote:
 Does qmail have the ability to block all email concerning replacing
 sendmail in base?

it's not built in (qmail is intended to be lean), but you could give it
a shot using e.g. netqmail + qmail-scanner.


Best,
--Toni++



Re: Replace sendmail with qmail?

2007-12-01 Thread Pieter Verberne
On Fri, Nov 30, 2007 at 03:34:11PM -0800, Bryan Irvine wrote:
 On Nov 30, 2007 3:19 PM, Andrew Hart [EMAIL PROTECTED] wrote:
  Wouldn't such reasoning about a gift apply equally to a BSD-license on
  free-as-in-beer software?
 
  Andrew Ruscica wrote:
  ...
   Why the Public Domain Isn't a License (Linux Journal)
   http://www.linuxjournal.com/article/6225
  
   From the article:
  ...
 
   Unfortunately, such gifts are illusory. Under basic contract law, a gift
   cannot be enforced. The donor can retract his gift at any time, for any
   reason - scant security for someone intending to make long-term use of
   a piece of software.

 No, I think you missed the point of the article.  It's trying to say
 that you retain copyright like a sticky booger.  Merely saying 'this
 stuff is in public domain now' is not enough to make it so.
 
 Strangely, it appears that you have no right to put something in the
 public domain, it just happens 70 years after you die.  (Copyright
 lawyers feel free to chime in here)

This is not strange. Something gets into the public domain if the author
died 70 years ago. Now people are saying: I want to put something in the
public domain. This is just nonsense. You could say: do whatever you
like with this, but you still have to die and wait for 70 years before
it is in the public domain. People are saying some software is in the public
domain, but this is not the way 'public domain' was used originally. Some
people are just making another definition of it.

 -B
What does this mean? I see those kinds of 'options' more often.

Pieter Verberne



Re: Postfix(chroot) and Postgresql

2007-12-01 Thread Craig Skinner
On Sat, Dec 01, 2007 at 12:07:54AM +0100, Bengt Frost wrote:
  
   Does anyone out there have any suggestions on how to use Postfix (and Dovecot)
   with PostgreSQL?
 
  Pull the user data from PostgreSQL and generate the files:
  /etc/sasldb2.db (copy to /var/spool/postfix/etc & postfix reload)
  /etc/cram-md5.pwd
 
  e.g: have a cron driven perl script check for changes to the user tables
  in the last 15 mins & if so, then generate new files. Stops PostgreSQL
  becoming a bottleneck when under high load (a spam attack).
 
 Ok. Not quite sure I'm following you. You mean pull user data from 
 PostgreSQL
 and generate flat(db) user file for smtp-auth using 
 p5-Authen-SASL-2.10p0 ...

Aye, using whatever you fancy, probably loads of modules on CPAN that
will do most of what you want for your site. Perl is in base, so you
won't run the risk of a broken port of ruby/python/whatever stopping you
working after an upgrade.

Same for /etc/postfix/{aliases,canonical.map,virtual.map}

 
  As your site grows, you can punt the flat files out across your mail
  farm from your central db/admin box, use rdist or something similar.
 
 Then pull out 'other' Postfix data maps via (f.ex) Perl script across
 my 'mail farm'.
 Not sure yet how to do it - but I'll figure it out.

PostgreSQL is brilliant as you can have views of multiple tables, such
as user id & passwd, then reference another accounts table with foreign
keys to see if payment is up to date, & how much they paid (disk quota).
Then from this one view, just select * and dump that data into flat
files, then push to your front line smtp, imap, webmail, shell... boxes.
No fancy SQL in the scripts, let the DB do the work for you with views &
stored procedures. (Your business logic is separate from the oily bits
of service implementation)

Implement another service, such as web hosting accounts, then just write
another SQL view, and another Perl script to config apache, etc, etc.

My basic point is this: you can go to a lot of bother to get some
services to auth against SQL, then you want to bring up another service
and there is no way of using SQL directly, so you write some scripts to
generate flat files. Then you bring up another service... So why not
just do it that way from the beginning? After all, the app was developed
to use flat files, so as a mere user of an app, why fight against the
developer?

 
 How about - using OpenLDAP? 

Same thing. Flat files are fast and reliable, and are basically the only
way to give users shell access (mutt/pine) on OpenBSD as login won't auth
against LDAP or SQL.

-- 
Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]
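
Craig's flat-file approach above, carried into a runnable cron-style script. This is an added example, not Craig's code or anything from the Postfix project, and it is written in plain sh rather than the Perl he suggests. It assumes a PostgreSQL view `mail_virtual(address, mailbox, updated_at)` in a database called `mail` and a Postfix `hash:/etc/postfix/virtual.map`; the sample rows are constructed so the filtering part runs offline. The point it adds is that values pulled out of a database are untrusted input to a configuration file and get validated before they are written.

```sh
#!/bin/sh
# Added example (not Craig Skinner's code): build a Postfix virtual map from
# rows exported out of a PostgreSQL view, the way a 15-minute cron job would.
# Assumed (not in the thread): view mail_virtual(address, mailbox, updated_at)
# in database "mail", exported tab-separated with
#   psql -At -F "$TAB" -d mail -c "$EXPORT_SQL"

TAB=$(printf '\t')
EXPORT_SQL='select address, mailbox from mail_virtual order by address'
CHANGED_SQL="select count(*) from mail_virtual
             where updated_at > now() - interval '15 minutes'"

# Constructed sample rows: two good ones, one with an embedded space in the
# mailbox field, one with an empty mailbox field.
SAMPLE_ROWS="alice@example.com${TAB}alice
bob@example.com${TAB}bob
mallory@example.com${TAB}bob extra
carol@example.com${TAB}"

# A field is accepted only if it is a plain map token: ASCII letters, digits
# and @._+- with no whitespace, not starting with '#' (comment) or '-'.
# These values come from a database other services write to, so they are
# input to validate, not configuration to trust.
safe_token() {
    case "$1" in
        ''|*[!A-Za-z0-9@._+-]*|'#'*|'-'*) return 1 ;;
    esac
    return 0
}

# Filter: tab-separated rows on stdin, "key value" map lines on stdout.
# Bad rows are logged to stderr and skipped rather than aborting the run,
# so one odd record cannot stop the map from updating for everyone else.
rows_to_map() {
    rejected=0
    while IFS="$TAB" read -r key value; do
        if safe_token "$key" && safe_token "$value"; then
            printf '%s %s\n' "$key" "$value"
        else
            rejected=$((rejected + 1))
            printf 'rows_to_map: rejected row: %s\n' "$key$TAB$value" >&2
        fi
    done
    [ "$rejected" -eq 0 ] || printf 'rows_to_map: %d row(s) rejected\n' "$rejected" >&2
    return 0
}

# Cron entry point: regenerate only when the view changed in the last
# 15 minutes, write to a temp file and rename so Postfix never reads a
# half-written map, then rebuild the hash: database with postmap.
install_virtual_map() {
    map=${1:-/etc/postfix/virtual.map}
    changed=$(psql -At -d mail -c "$CHANGED_SQL") || return 1
    [ "$changed" -gt 0 ] || return 0
    tmp=$(mktemp "$map.XXXXXXXXXX") || return 1
    if psql -At -F "$TAB" -d mail -c "$EXPORT_SQL" | rows_to_map > "$tmp"; then
        chmod 0644 "$tmp" && mv "$tmp" "$map" && postmap "hash:$map"
    else
        rm -f "$tmp"
        return 1
    fi
}
```

Run the filter part offline with `printf '%s\n' "$SAMPLE_ROWS" | rows_to_map`; the two rejected rows are reported on stderr and only the two clean entries reach the map.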



Re: progress report on make

2007-12-01 Thread J.C. Roberts
On Saturday 01 December 2007, Marc Espie wrote:
 Well, it's time for an update on how things are going in make-land.
 The initial pass at getting make -j in shape was enough to get it to
 work in most cases. As usual, when you start down an unused code
 path, it also uncovered a lot of issues, some of them fairly small,
 others really big.

 If you read through src-change, after the initial switch to building
 stuff correctly one command at a time through -j, and getting the
 pipes to do sensible things, quite a few things happened:
 - I started keeping track of items very carefully, so that I could
 figure out when make failed, and where.
 - I started trying to give out decent error messages. That part is
 not perfect yet, the messages are often fragmented as they happened
 `long' after the initial error has happened.
 - there was some fiddling with variables to allow further changes.
 - we got to have Suff_FindDeps be lazy, to give it a better change to
 work with files that just got created (and this involved decoupling
 wildcard expansion from Suff_FindDeps).

Marc,

Does the eventual game plan for make -j include the ability to build on 
a cluster of systems?

Thanks,
JCR



Re: RTL8185 wireless support?

2007-12-01 Thread Frank Bax

Jonathan Gray wrote:

On Fri, Nov 30, 2007 at 11:42:53PM -0500, Frank Bax wrote:

TP-LINK 802.11g/b pci cards (model TL-WN353G) are on sale; so I got one.
Chipset is marked RTL8185L.

I found a reference to RTL8185 in CVS, but I'm not clear on what the Sep5 
comments for if_rtw_pci.c are saying?  It either says:

a) RTL8185 was supported, but now only if RTW_DEBUG is set?
b) RTL8185 was supported with RTW_DEBUG, but now??


RTL8185 support was started but could not be finished due
to lack of information on the radios.



Would contributing a device help?  Or is it vendor docs you need?



Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]

2007-12-01 Thread Pau Amaro-Seoane
There's an ugly way to do it:

suspend from terminal (say ctrl+alt+f2 and zzz), and when you wake it
up go back to X with ctrl+alt+f5. This is how I am doing it now and
it's working perfectly. It also goes into sleeping mode much faster
from the terminal...

Cheers,

Pau

2007/12/1, Mark Thomas [EMAIL PROTECTED]:
 On Nov 30, 2007 11:50 AM, Pau Amaro-Seoane [EMAIL PROTECTED] wrote:
  Hi,
 
  I am having the same issue. Have you succeed at waking up the video?
 
  Pau

 No I never got it working. I went back to 4.1.

 --
 ()  ascii ribbon campaign - against html e-mail
 /\  www.asciiribbon.org   - against proprietary attachments



Re: Replace sendmail with qmail?

2007-12-01 Thread Rich Kulawiec
On Fri, Nov 30, 2007 at 12:27:32AM -0800, Matthew Dempsky wrote:
 Is there any interest in replacing sendmail with it to remove
 another component from the src/gnu/ hierarchy?

I strongly recommend against this.  There's no need for it, and anyone
who insists on running qmail (a course of action that I strongly
recommend against) should be capable of building/installing it as
they wish.  Moreover, it's not clear to me (probably because I'm
not a copyright/patent/trademark/etc. attorney) that the recent
qmail licensing announcement actually has the legal meaning that
is being assigned to it.

---Rsk



Re: progress report on make

2007-12-01 Thread Marc Espie
On Sat, Dec 01, 2007 at 06:24:46AM -0800, J.C. Roberts wrote:
 Does the eventual game plan for make -j include the ability to build on 
 a cluster of systems?

No.

If you're in ports land, you already have dpb for that.

For compilers, you have distcc.

In fact, I removed whatever code there was that would allow for remote
jobs to run. Why? Because it never worked, and it was hindering our ability
to fix what was reasonable to fix.

make -j is solely there for MP systems, since those are now more or less
the norm in i386/amd64 land... and since we have enough arches supported
for that to make sense.



Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]

2007-12-01 Thread Ted Unangst
On 11/6/07, Mark Thomas [EMAIL PROTECTED] wrote:
 If I close the lid on this laptop ( Thinkpad T41 ) the machine goes
 into a deep sleep but will not recover with OpenBSD 4.2. With 4.1 this
 worked flawlessly. xorg is not running during these tests.

it will often come back if you cycle through another suspend/resume with fn-f4.



Re: Replace sendmail with qmail?

2007-12-01 Thread Constantine A. Murenin
On 30/11/2007, Bryan Irvine [EMAIL PROTECTED] wrote:
 Strangely, it appears that you have no right to put something in the
 public domain, it just happens 70 years after you die.  (Copyright
 lawyers feel free to chime in here)

Says who?

Strangely, this is not how it works.

Any copyright owner can release their work into the public domain.


http://www.openbsd.org/policy.html

 While material that is truly entered into the Public Domain can
be included in OpenBSD, review is required on a case by case basis.
Frequently the public domain assertion is made by someone who does
not really hold all rights under Copyright law to grant that status or
there are a variety of conditions imposed on use. For a work to be
truly in the Public Domain all rights are abandoned and the material
is offered without restrictions.


http://cr.yp.to/publicdomain.html

 I've seen a few people claiming, without justification, that a
clear written dedication of the work to the public domain doesn't
actually abandon copyright. Nobody, to my knowledge, has ever wasted a
judge's time trying to make this silly argument in court.


Cheers,
Constantine.



Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]

2007-12-01 Thread Pau Amaro-Seoane
the suspend via terminal technique always comes back... I had four
crashes when suspending from X and don't want to play further with
fire; even if I added sync to the most important partitions, with the
loss of performance, I don't like having to brutally stop my hard
drive

let's wait for 4.3, until then, suspend from terminal (no X)

Anybody out there running -current on a thinkpad T41 who can report on
suspending/resuming?



2007/12/1, Ted Unangst [EMAIL PROTECTED]:
 On 11/6/07, Mark Thomas [EMAIL PROTECTED] wrote:
  If I close the lid on this laptop ( Thinkpad T41 ) the machine goes
  into a deep sleep but will not recover with OpenBSD 4.2. With 4.1 this
  worked flawlessly. xorg is not running during these tests.

 it will often come back if you cycle through another suspend/resume with 
 fn-f4.



Re: removing sendmail

2007-12-01 Thread Uwe Dippel
On Fri, 30 Nov 2007 10:49:48 -0500, Steve Shockley wrote:

 It looks like that went away with the death of DEINSTALL.  I don't use 
 it though so I didn't test it.

No, in 4.2 it still needs us to not forget this. Not a big deal overall,
but still something that could be improved on.

Uwe



Re: removing sendmail

2007-12-01 Thread Antti Harri

On Sat, 1 Dec 2007, Uwe Dippel wrote:


On Fri, 30 Nov 2007 10:49:48 -0500, Steve Shockley wrote:


It looks like that went away with the death of DEINSTALL.  I don't use
it though so I didn't test it.


No, in 4.2 it still needs us to not forget this. Not a big deal overall,
but still something that could be improved on.


Yep. I do remember it *now* but I was pretty mad when that
caused the whole mailing system to break and I didn't
notice it right away.

--
Antti Harri



Re: removing sendmail

2007-12-01 Thread Uwe Dippel

Antti Harri wrote:

On Sat, 1 Dec 2007, Uwe Dippel wrote:


On Fri, 30 Nov 2007 10:49:48 -0500, Steve Shockley wrote:


It looks like that went away with the death of DEINSTALL.  I don't use
it though so I didn't test it.


No, in 4.2 it still needs us to not forget this. Not a big deal overall,
but still something that could be improved on.


Yep. I do remember it *now* but I was pretty mad when that
caused the whole mailing system to break and I didn't
notice it right away.

Oh, me too. It is always bad in production and even outside. I use a
quite special postfix configuration, and while the system in general
would work, my users found breakage. So did I, until I telnetted to port
25. An upgrade ought not touch the mailer. I understand that the process
doesn't know if you want to de-install or upgrade. It would be great if
it could, and spew out far fewer useless (? sometimes) messages.


Uwe



OpenBSD for routing & firewalling a 100Mbit/s connection

2007-12-01 Thread Carl Roberso
Hi all!
I'm a newbie OpenBSD user, and I'm trying to put two carped OpenBSD 4.2
boxes between a dual 100Mbit/s WAN connection (two uplink providers).
The OpenBSD boxes should do various VLAN managing, routing (BGP) and
firewalling. I don't need scrubbing on all packets, for now.

I put in place two machines, with 1GB of RAM and an XP 2000+ CPU, running on
flash (the / is on flash, but I'm logging to a dedicated machine, on a
dedicated NIC, fxp0).

So I have three 'em' NICs (one for my side, one for each ISP side), one fxp
for logging and another fxp for CARP.

The system runs with the stock OpenBSD 4.2 kernel: I tried to put intelligent PF
rules in place in order to get the lowest CPU utilization.

I don't have any CPU problem, but an impressive (vmstat -i) amount of
interrupts (something like 6000/s on external interfaces), and sometimes the
system drops packets, even at way less than 100Mbit/s of bandwidth and
trying on ISP hosts.

When I swap OpenBSD with a Cisco 12008, everything is fine (no packet
loss).. but of course the price tag is not really comparable :D

Can you give some hints on using OpenBSD in a medium-demanding context like
this?

Thank you in advance.



Re: Postfix(chroot) and Postgresql

2007-12-01 Thread Bengt Frost
Thanks! I have underestimated the use of flat files and you have given
me useful tips. I have to refresh my perl programming - lately mostly
C and Python (and sh of course ...)


--bfrost
(fvp.se, fvp.eu, fvpideas.com)

P.S
I am not sure if this gets through to misc mailinglist - sending
from my mailserver.

On Sat, Dec 01, 2007 at 01:12:54PM +, Craig Skinner wrote:
 On Sat, Dec 01, 2007 at 12:07:54AM +0100, Bengt Frost wrote:
   
    Does anyone out there have any suggestions on how to use Postfix (and Dovecot)
    with PostgreSQL?
   ...
  Ok. Not quite sure I'm following you. You mean pull user data from 
  PostgreSQL
  and generate flat(db) user file for smtp-auth using 
  p5-Authen-SASL-2.10p0 ...
 
 Aye, using whatever you fancy, probably loads of modules on CPAN that
 will do most of what you want for your site. Perl is in base, so you
 won't run the risk of a broken port of ruby/python/whatever stopping you
 working after an upgrade.
 
 Same for /etc/postfix/{aliases,canonical.map,virtual.map}
 
  
   ... 
  
  Then pull out 'other' Postfix data maps via (f.ex) Perl script across
  my 'mail farm'.
  Not sure yet how to do it - but I'll figure it out.
 
 PostgreSQL is brilliant as you can have views of multiple tables, such
 as user id & passwd, then reference another accounts table with foreign
 keys to see if payment is up to date, & how much they paid (disk quota).
 Then from this one view, just select * and dump that data into flat
 files, then push to your front line smtp, imap, webmail, shell... boxes.
 No fancy SQL in the scripts, let the DB do the work for you with views &
 stored procedures. (Your business logic is separate from the oily bits
 of service implementation)
 
 Implement another service, such as web hosting accounts, then just write
 another SQL view, and another Perl script to config apache, etc, etc.
 
 My basic point is this: you can go to a lot of bother to get some
 services to auth against SQL, then you want to bring up another service
 and there is no way of using SQL directly, so you write some scripts to
 generate flat files. Then you bring up another service... So why not
 just do it that way from the beginning? After all, the app was developed
 to use flat files, so as a mere user of an app, why fight against the
 developer?
 
  
  How about - using OpenLDAP? 
 
 Same thing. Flat files are fast and reliable, and are basically the only
 way to give users shell access (mutt/pine) on OpenBSD as login won't auth
 against LDAP or SQL.
 
 -- 
 Craig Skinner | http://www.kepax.co.uk | [EMAIL PROTECTED]



Re: OpenBSD for routing & firewalling a 100Mbit/s connection

2007-12-01 Thread Henning Brauer
* Carl Roberso [EMAIL PROTECTED] [2007-12-01 17:32]:
 I don't have any CPU problem, but an impressive (vmstat -i) amount of
 interrupts (something like 6000/s on external interfaces), and sometimes the
 system drops packets, even at way less than 100Mbit/s of bandwidth and
 trying on ISP hosts.

6000 irq/s is not much.
increase sysctl net.inet.ip.ifq.maxlen.

-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: Subversion/Apache Mod dav

2007-12-01 Thread Duncan Patton a Campbell
On Mon, 19 Nov 2007 21:45:54 +1000
David Gwynne [EMAIL PROTECTED] wrote:

 Hi,
 
 are you trying to use the subversion port, are you trying to roll  
 your own?
 

Home-rolled.  I started out with the package, but found it was for
Apache 2.2, but since the layout in ports was partitioned into 
something that looked to be missing...  

Dhu

 dlg
 
 On 13/11/2007, at 3:14 PM, Duncan Patton a Campbell wrote:
 
  On Mon, 12 Nov 2007 20:49:08 -0600
  Duncan Patton a Campbell [EMAIL PROTECTED] wrote:
 
  Howdy?
 
  I'm trying to install mod_dav_svn and mod_authz_svn with apache  
  2.0.xx
  and find that they have been moved into the ap2-subversion-1.4.4  
  package that
  requires apache 2.2.  When I go to the ports tree there is nothing  
  equivalent
  to this module.
 
  Does anyone know what is going on?  Is subversion under apache 2.0  
  no longer supported?
 
  Any help would be greatly appreciated.
 
  Thanks,
 
  Dhu
 
 
 
   Addendum:
 
  subversion 1.4.5 now appears to build on OBSD with mod_dav_svn, so  
  this is less
  problematic.. still(?)
 
  Dhu



Re: OpenBSD for routing & firewalling a 100Mbit/s connection

2007-12-01 Thread Iñigo Tejedor Arrondo
On Sat, 01-12-2007 at 17:55 +0100, Henning Brauer wrote:
 * Carl Roberso [EMAIL PROTECTED] [2007-12-01 17:32]:
  I don't have any CPU problem, but an impressive (vmstat -i) amount of
  interrupts (something like 6000/s on external interfaces), and sometimes the
  system drops packets, even at way less than 100Mbit/s of bandwidth and
  trying on ISP hosts.
 
 6000 irq/s is not much.
 increase sysctl net.inet.ip.ifq.maxlen.

And check 6.6.1 and 6.6.4:
 http://www.openbsd.org/faq/faq6.html#Tuning

Greetings



Re: OpenBSD for routing & firewalling a 100Mbit/s connection

2007-12-01 Thread Darren Spruell
On Dec 1, 2007 11:12 AM, Iñigo Tejedor Arrondo [EMAIL PROTECTED] wrote:
 On Sat, 01-12-2007 at 17:55 +0100, Henning Brauer wrote:
  * Carl Roberso [EMAIL PROTECTED] [2007-12-01 17:32]:
   I don't have any CPU problem, but an impressive (vmstat -i) amount of
   interrupts (something like 6000/s on external interfaces), and sometimes the
   system drops packets, even at way less than 100Mbit/s of bandwidth and
   trying on ISP hosts.
 
  6000 irq/s is not much.
  increase sysctl net.inet.ip.ifq.maxlen.

 And check 6.6.1 and 6.6.4:
  http://www.openbsd.org/faq/faq6.html#Tuning

If I'm not mistaken, these FAQs refer to settings applicable to TCP
endpoints and will not likely affect OP's role as an intermediary
router.

DS



qmail is now on Public Domain

2007-12-01 Thread Eduardo Alvarenga
Qmail is now public domain:
http://cr.yp.to/qmail/dist.html

 I hereby place the qmail package (in particular, qmail-1.03.tar.gz, with
MD5 checksum 622f65f982e380dbe86e6574f3abcb7c) into the public domain. You
are free to modify the package, distribute modified versions, etc.

Does anyone know anything about djbdns, daemontools, ucspi-tcp et al.? I
think they are already public domain.


Maybe a port is now welcome. Marc ?


Regards,

-- 
Eduardo Alvarenga



Re: OpenBSD for routing & firewalling a 100Mbit/s connection

2007-12-01 Thread Carl Roberso
Henning Brauer wrote:
 
 6000 irq/s is not much.
 increase sysctl net.inet.ip.ifq.maxlen.
 

Thank you v-e-r-y much Henning, this seems to have cured the problem.

Another problem seems to be left, anyway. :(

I'm running bgpd on both OpenBSD boxes: it's really a fine piece of
software, but when dealing with a setup like mine (the same box does PF & BGP
routing, hence 'the firewall'), you can get in trouble when using one
BGP session per-provider-per-firewall, and the uplink ISP gets you some
packets on firewall A, some others on firewall B (so, there isn't a priority
on the BGP sessions). Another similar problem arises when firewall B becomes
master: firewall A stops the packet flow, but maybe its BGP sessions
remain active (the most active, or really the one with most priority,
depends on the ISP).. and packet confusion starts.

Of course a solution seems to be to have a BGP session active ONLY when a
given firewall is active.. but this means that when CARP instantly (without
losing the TCP sessions) helps to switch to the secondary firewall..
everything will be blocked, waiting for the BGP session to download routes.

Does any of you guys have a hint also for this situation (that's having concurrent
BGP sessions, but making sure that the master firewall gets all packets
coming from all BGP sessions, without mangling with PF states)?

Again, thank you in advance.



Re: OpenBSD for routing & firewalling a 100Mbit/s connection

2007-12-01 Thread NetOne - Doichin Dokov

Carl Roberso wrote:

Henning Brauer wrote:
  

6000 irq/s is not much.
increase sysctl net.inet.ip.ifq.maxlen.




Thank you v-e-r-y much Henning, this seems to have cured the problem.

Another problem seems to be left, anyway. :(

I'm running bgpd on both OpenBSD boxes: it's really a fine piece of
software, but when dealing with a setup like mine (the same box does PF & BGP
routing, hence 'the firewall'), you can get in trouble when using one
BGP session per-provider-per-firewall, and the uplink ISP gets you some
packets on firewall A, some others on firewall B (so, there isn't a priority
on the BGP sessions). Another similar problem arises when firewall B becomes
master: firewall A stops the packet flow, but maybe its BGP sessions
remain active (the most active, or really the one with most priority,
depends on the ISP).. and packet confusion starts.

Of course a solution seems to be to have a BGP session active ONLY when a
given firewall is active.. but this means that when CARP instantly (without
losing the TCP sessions) helps to switch to the secondary firewall..
everything will be blocked, waiting for the BGP session to download routes.

Does any of you guys have a hint also for this situation (that's having concurrent
BGP sessions, but making sure that the master firewall gets all packets
coming from all BGP sessions, without mangling with PF states)?

Again, thank you in advance.
  

The BGP problem is solved by doing this:
You need 3 IPs for communicating with each provider. Let's say you have 
172.16.0.1, 172.16.0.2 and 172.16.0.3 to communicate with ISP1.
You setup 172.16.0.1 on Firewall #1, 172.16.0.2 on Firewall #2, and you 
set up 172.16.0.3 on both of them with CARP.
Then you establish BGP sessions from 172.16.0.1 and 172.16.0.2 to your 
provider, and tell the provider to set next-hop for both of them to 
172.16.0.3
This way both of the sessions are live, and traffic goes to the active 
machine. Once it fails, the other one takes over the common 172.16.0.3 
and keeps receiving the traffic without waiting for BGP timeouts, nor 
BGP prefix download or something else.

Do the same with ISP2 and you're ready to go.

Regards,
Doichin
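Doichin's scheme above, written out as OpenBSD configuration fragments. This is an added example, not config from the post or from the OpenBSD project; the interface name fxp0, the ISP peer address 172.16.0.254, the AS numbers, the announced prefix 192.0.2.0/24 and the CARP password are assumptions. It goes slightly beyond the post in one place: besides asking the provider to set the next-hop, it also carries the shared CARP address as next-hop in our own announcements, which the provider still has to honour.

```conf
# --- Firewall #1 -----------------------------------------------------------
# /etc/hostname.fxp0  (interface name is an assumption)
inet 172.16.0.1 255.255.255.0 NONE

# /etc/hostname.carp0 -- the shared 172.16.0.3; advskew 0 makes this box the
# preferred master.  The password is a placeholder.
inet 172.16.0.3 255.255.255.0 172.16.0.255 vhid 1 pass CARP-SECRET-PLACEHOLDER carpdev fxp0 advskew 0

# --- Firewall #2 differs only in its own address and advskew ---------------
# /etc/hostname.fxp0:   inet 172.16.0.2 255.255.255.0 NONE
# /etc/hostname.carp0:  inet 172.16.0.3 255.255.255.0 172.16.0.255 vhid 1 pass CARP-SECRET-PLACEHOLDER carpdev fxp0 advskew 100

# --- /etc/bgpd.conf on firewall #1 (firewall #2: local-address 172.16.0.2 and
# router-id 172.16.0.2, otherwise identical) --------------------------------
AS 65001                     # our AS (assumption)
router-id 172.16.0.1
network 192.0.2.0/24         # prefix we announce (assumption)

# The session is sourced from this box's own address, not the CARP address,
# so it stays up no matter which box is CARP master.
neighbor 172.16.0.254 {      # ISP1 router (assumption)
        descr "ISP1"
        remote-as 65000
        local-address 172.16.0.1
        announce all
}

allow from 172.16.0.254
# Carry the shared CARP address as next-hop for what we announce; ISP1 still
# has to use 172.16.0.3 as next-hop for both sessions on its side, as the
# post says.
allow to 172.16.0.254 set nexthop 172.16.0.3

# Both boxes also want net.inet.carp.preempt=1 in /etc/sysctl.conf so that
# carp0 (ISP1), the ISP2 carp interface and the LAN carp interface fail over
# together rather than one at a time.
```

Repeat the ISP1 block with a second address triple and a second carp interface for ISP2, as the post describes.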



Re: OpenBSD for routing firewalling a 100Mbit/s connection

2007-12-01 Thread Carl Roberso
NetOne - Doichin Dokov wrote:
 
 The BGP problem is solved by doing this:
 

Thank you very much Doichin for pointing this out: all of you was so
helpful!

Best wishes!



Re: OpenBSD for routing firewalling a 100Mbit/s connection

2007-12-01 Thread Henning Brauer
* Darren Spruell [EMAIL PROTECTED] [2007-12-01 19:42]:
 On Dec 1, 2007 11:12 AM, Iñigo Tejedor Arrondo [EMAIL PROTECTED]
 wrote:
  On Sat, 01-12-2007 at 17:55 +0100, Henning Brauer wrote:
   * Carl Roberso [EMAIL PROTECTED] [2007-12-01
 17:32]:
I don't have any CPU problem, but an impressive (vmstat -i) amount of
interrupts (something like 6000/s on external interfaces), and sometimes
 the
system drops packets, even when way less than 100Mbit/s of bandwidth and
trying on ISP hosts.
  
   6000 irq/s is not much.
   increase sysctl net.inet.ip.ifq.maxlen.
 
  And check 6.6.1 and 6.6.4:
   http://www.openbsd.org/faq/faq6.html#Tuning
 
 If I'm not mistaken, these FAQs refer to settings applicable to TCP
 endpoints and will not likely affect OP's role as an intermediary
 router.

correct


-- 
Henning Brauer, [EMAIL PROTECTED], [EMAIL PROTECTED]
BS Web Services, http://bsws.de
Full-Service ISP - Secure Hosting, Mail and DNS Services
Dedicated Servers, Rootservers, Application Hosting - Hamburg & Amsterdam



Re: OpenBSD for routing firewalling a 100Mbit/s connection

2007-12-01 Thread NetOne - Doichin Dokov

Carl Roberso wrote:

Henning Brauer wrote:
  

6000 irq/s is not much.
increase sysctl net.inet.ip.ifq.maxlen.




Thank you v-e-r-y much Henning, this seems to have cured the problem.

Another problem seems left, anyway. :(

I'm running bgpd on both OpenBSD boxes: it's really a fine piece of
software, but when dealing with a setup like mine (same box does PF & BGP
routing, from here the firewall), you can get in trouble when using one
BGP session per-provider-per-firewall, and the uplink ISP gets you some
packets on firewall A, some others on firewall B (so, there isn't a priority
on BGP session). Another similar problem arises when the firewall B becomes
master, the firewall A stops the packet flow, but maybe its BGP sessions
remain active (the most active, or the really one with most priority,
depends on the ISP).. and packet confusion starts.

Of course a solution seems to have a BGP session active ONLY when a
given firewall is active.. but this means that when instantly (without
losing the TCP sessions) CARP helps to switch to the secondary firewall..
everything will be blocked, waiting for the BGP session to download routes.

Do any of you guys have a hint also for this situation (that's having concurrent
BGP sessions, but making sure that the master firewall gets all packets
coming from all BGP sessions, without mangling with PF states)?

Again, thank you in advance.
  
And, about the ifq.maxlen sysctl, a good indication you need to increase 
it is if the net.inet.ip.ifq.drops sysctl is increasing. It should stay 
at 0 or not increase anymore after you tuned the ifq.maxlen.


Regards,
Doichin



Re: sendmail question

2007-12-01 Thread Philip Guenther
On Dec 1, 2007 4:52 AM, Toni Mueller [EMAIL PROTECTED] wrote:
 On Sat, 01.12.2007 at 01:32:07 -0700, Philip Guenther [EMAIL PROTECTED] 
 wrote:
  Not only that, but something is broken in your MUA that resulted in
  the log entries you included that showed the above being cut off and
  lost.

 I'm not sure what you mean, exactly, ...

Sorry, I was being obtuse: in order to actually debug your previous
attempt, log entries from that attempt would have been necessary.


  As is, your sendmail setup looks right to me.  Are you able to telnet
  from that machine with those source and destination address?
  telnet -b 192.168.2.5 192.168.1.10 25

 Yes, that works very nicely.

Cool.


  If that telnet does work, well, you _did_ remember to restart sendmail
  after changing the sendmail.cf, right?

 Yes. I've first tried to configure this a few years ago, and done some
 upgrades in the meantime. As the problem persists, I worked around it
 by not using sendmail, but this is not an ideal solution, and I thought
 the sendmail fans on the list could simply show off their superiority.

I just verified that ClientPortOptions works as expected on my laptop,
running OpenBSD 4.2, by making the submit.cf bind to 127.0.0.2 (an
alias on lo0) when forwarding to the normal daemon.  Note that the 'b'
modifier on DaemonPortOptions overrides ClientPortOptions bind
settings.

Anyway, I have no personal need to claim superiority, so if your
current setup using qmail or postfix works, feel free to keep using
it.


Philip Guenther



OpenVPN very high ping times to server

2007-12-01 Thread Bryan S. Leaman

I have a simple OpenVPN bridge environment set up:

  openvpn_client---tun0--[OpenBSD]--hme1---internal_lan
                             |
                    Internet hme0

* bridge0 contains tun0 and hme1

Connectivity and routing work as expected, but when I ping from the client 
to the OpenBSD server, I get terribly high ping times as high as 3000ms 
with huge variation.  Yet the ping times from the client to a host on the 
internal lan are 10ms.  Basically any packets going between the VPN 
client and the server itself have this problem.  Packets passing through 
the bridge from client to internal lan are not affected.


I am using OpenBSD 4.2 on sparc64, and I've tried OpenVPN 2.0.9 and 
2.1rc4.  But I also have the same issue on an older 3.8 box with OpenVPN 
2.0.5, also sparc64.


Because of this problem, using the VPN server also as a default gateway to 
the Internet is nearly impossible, as the response times are terrible. 
Any idea what is going on?  I've only seen one other report of this issue 
but there was no solution discussed:


http://thread.gmane.org/gmane.network.openvpn.user/20541

Here are some sample pings:

C:\temp>ping -t 192.168.222.1    (pinging server from vpn client)

Pinging 192.168.222.1 with 32 bytes of data:

Reply from 192.168.222.1: bytes=32 time=140ms TTL=255
Reply from 192.168.222.1: bytes=32 time=821ms TTL=255
Reply from 192.168.222.1: bytes=32 time=271ms TTL=255
Reply from 192.168.222.1: bytes=32 time=648ms TTL=255
Reply from 192.168.222.1: bytes=32 time=447ms TTL=255
Reply from 192.168.222.1: bytes=32 time=18ms TTL=255
Reply from 192.168.222.1: bytes=32 time=45ms TTL=255
Reply from 192.168.222.1: bytes=32 time=414ms TTL=255
Reply from 192.168.222.1: bytes=32 time=649ms TTL=255
Reply from 192.168.222.1: bytes=32 time=1094ms TTL=255
Reply from 192.168.222.1: bytes=32 time=131ms TTL=255
Reply from 192.168.222.1: bytes=32 time=91ms TTL=255
Reply from 192.168.222.1: bytes=32 time=619ms TTL=255
Reply from 192.168.222.1: bytes=32 time=2154ms TTL=255
Reply from 192.168.222.1: bytes=32 time=3179ms TTL=255
Reply from 192.168.222.1: bytes=32 time=2310ms TTL=255
Reply from 192.168.222.1: bytes=32 time=1147ms TTL=255
Reply from 192.168.222.1: bytes=32 time=233ms TTL=255
Reply from 192.168.222.1: bytes=32 time=3030ms TTL=255
Reply from 192.168.222.1: bytes=32 time=4085ms TTL=255
Reply from 192.168.222.1: bytes=32 time=1500ms TTL=255
Reply from 192.168.222.1: bytes=32 time=845ms TTL=255
Reply from 192.168.222.1: bytes=32 time=64ms TTL=255
Reply from 192.168.222.1: bytes=32 time=611ms TTL=255

Ping statistics for 192.168.222.1:
Packets: Sent = 24, Received = 24, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 4085ms, Average = 1022ms

C:\temp>ping -t 192.168.222.10    (pinging internal host from vpn client)

Pinging 192.168.222.10 with 32 bytes of data:

Reply from 192.168.222.10: bytes=32 time=6ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=9ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254
Reply from 192.168.222.10: bytes=32 time=5ms TTL=254
Reply from 192.168.222.10: bytes=32 time=4ms TTL=254
Reply from 192.168.222.10: bytes=32 time=3ms TTL=254

Ping statistics for 192.168.222.10:
Packets: Sent = 19, Received = 19, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 3ms, Maximum = 9ms, Average = 3ms

Bryan



Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]

2007-12-01 Thread Mark Thomas
On Dec 1, 2007 10:20 AM, Pau Amaro-Seoane [EMAIL PROTECTED] wrote:
 let's wait for 4.3, until then, suspend from terminal (no X)

 Anybody out there running -current on a thinkpad T41 who can report on
 suspending/resuming?

Someone on this list ( can't find it now ) reported suspend/resume
working perfectly in 4.2, even with X, on a thinkpad.

-- 
()  ascii ribbon campaign - against html e-mail
/\  www.asciiribbon.org   - against proprietary attachments



Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]

2007-12-01 Thread Mark Thomas
On Dec 1, 2007 9:54 AM, Ted Unangst [EMAIL PROTECTED] wrote:
 On 11/6/07, Mark Thomas [EMAIL PROTECTED] wrote:
  If I close the lid on this laptop ( Thinkpad T41 ) the machine goes
  into a deep sleep but will not recover with OpenBSD 4.2. With 4.1 this
  worked flawlessly. xorg is not running during these tests.

 it will often come back if you cycle through another suspend/resume with 
 fn-f4.


I _think_ I tried that a couple of times with no luck. I thought about
reinstalling the OS but I couldn't see where that would help, but I'm
just a newbie.

thanks




help with pf

2007-12-01 Thread Aaron
I have decided to switch my linux routers over to openbsd and as such 
need to have pf up and running on them.  I have a test network that I am 
testing this on and am having some issues getting things working as 
expected..  My network configuration is as follows:


my ascii art sux so i'll try to describe the network and provide config 
files:


I have a fresh openbsd 4.2 set up with 5 physical interfaces: fxp0-3 
and rl0, with carp set up on the fxp interfaces, and rl0 is my pfsync 
interface.  carp3 is my lan interface and fxp0/carp0 is my wan interface 
and default gw.


/etc/mygate:   192.168.3.158

# netstat -rn | more
Routing tables
Internet:
Destination        Gateway            Flags    Refs      Use    Mtu  Interface

default            192.168.3.158      UGS         7     3923      -  carp0
10/8               link#6             UC          0        0      -  rl0
10.125.221/24      link#2             UC          0        0      -  fxp0
10.126.221/24      link#3             UC          0        0      -  fxp1
10.127.221/24      link#4             UC          0        0      -  fxp2
127/8              127.0.0.1          UGRS        0        0  33208  lo0
127.0.0.1          127.0.0.1          UH          2       77  33208  lo0
172.16.10/24       link#12            UC          1        0      -  carp3
172.16.10.26       00:08:02:0b:63:59  UHLc        0     2436      -  carp3
192.168.3.128/27   link#9             UC          1        0      -  carp0
192.168.3.158      00:40:f4:76:43:62  UHLc        1     1423      -  carp0
192.168.23/24      link#5             UC          0        0      -  fxp3
192.168.45/24      link#11            UC          0        0      -  carp2
192.168.55.0/27    link#11            UC          0        0      -  carp2
224/4              127.0.0.1          URS         0        0  33208  lo0

# ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33208
   groups: lo
   inet 127.0.0.1 netmask 0xff000000
   inet6 ::1 prefixlen 128
   inet6 fe80::1%lo0 prefixlen 64 scopeid 0x8
san0: flags=8010<POINTOPOINT,MULTICAST> mtu 1500
   media: TDM t1
fxp0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:0e:0c:74:6d:61
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 10.125.221.2 netmask 0xffffff00 broadcast 10.125.221.255
   inet6 fe80::20e:cff:fe74:6d61%fxp0 prefixlen 64 scopeid 0x2
fxp1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:0e:0c:3b:3f:2e
   media: Ethernet autoselect (none)
   status: no carrier
   inet 10.126.221.2 netmask 0xffffff00 broadcast 10.126.221.255
   inet6 fe80::20e:cff:fe3b:3f2e%fxp1 prefixlen 64 scopeid 0x3
fxp2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:0e:0c:74:6d:a2
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 10.127.221.2 netmask 0xffffff00 broadcast 10.127.221.255
   inet6 fe80::20e:cff:fe74:6da2%fxp2 prefixlen 64 scopeid 0x4
fxp3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:03:47:b1:2c:c4
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 192.168.23.2 netmask 0xffffff00 broadcast 192.168.23.255
   inet6 fe80::203:47ff:feb1:2cc4%fxp3 prefixlen 64 scopeid 0x5
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:50:bf:72:51:c9
   media: Ethernet autoselect (100baseTX full-duplex)
   status: active
   inet 10.23.183.1 netmask 0xff000000 broadcast 10.255.255.255
   inet6 fe80::250:bfff:fe72:51c9%rl0 prefixlen 64 scopeid 0x6
enc0: flags=0<> mtu 1536
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
   groups: pflog
carp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:5e:00:01:01
   carp: MASTER carpdev fxp0 vhid 1 advbase 1 advskew 0
   groups: carp egress
   inet6 fe80::200:5eff:fe00:101%carp0 prefixlen 64 scopeid 0x9
   inet 192.168.3.150 netmask 0xffffffe0 broadcast 192.168.3.159
carp1: flags=8803<UP,BROADCAST,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:5e:00:01:02
   carp: INIT carpdev fxp1 vhid 2 advbase 1 advskew 0
   groups: carp
   inet6 fe80::200:5eff:fe00:102%carp1 prefixlen 64 scopeid 0xa
   inet 10.126.221.4 netmask 0xffffff00 broadcast 10.126.221.255
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:5e:00:01:03
   carp: MASTER carpdev fxp2 vhid 3 advbase 1 advskew 0
   groups: carp
   inet6 fe80::200:5eff:fe00:103%carp2 prefixlen 64 scopeid 0xb
   inet 192.168.45.1 netmask 0xffffff00 broadcast 192.168.45.255
carp3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
   lladdr 00:00:5e:00:01:04
   carp: MASTER carpdev fxp3 vhid 4 advbase 1 advskew 0
   groups: carp
   inet6 fe80::200:5eff:fe00:104%carp3 prefixlen 64 scopeid 0xc
  

Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]

2007-12-01 Thread Ingo Schwarze
To add a tiny bit of additional information to this one.
On my IBM Thinkpad T41p (Type 2373-GKG S/N 99-95BGD 04/12),
i see the following behaviour:

Pau Amaro-Seoane wrote on Sat, Dec 01, 2007 at 04:20:32PM +0100:
 2007/12/1, Ted Unangst [EMAIL PROTECTED]:
 On 11/6/07, Mark Thomas [EMAIL PROTECTED] wrote:

 If I close the lid on this laptop ( Thinkpad T41 ) the machine goes
 into a deep sleep but will not recover with OpenBSD 4.2. With 4.1 this
 worked flawlessly. xorg is not running during these tests.

If you press Access IBM during BIOS boot, then Start setup utility
in the Access IBM Predesktop Area, then Config-Power in the
IBM BIOS Setup Utility, you can switch that feature off:
Suspend when LCD is closed: [No Suspend].

Of course, automatic suspend on closing the LCD is often useful,
but for your kind of trouble, disabling this feature might help.

On the other hand, i cannot confirm the result of your test.
If i switch to console mode (Strg-Alt-F2), log in, sudo to root,
kill xdm (such that i have gettys on ttyC[0235], am logged in on
ttyC1 and have a lonely blinking cursor on ttyC4), and then
close the LCD, the ThinkPad suspends alright.  When i open the
LCD again, it resumes operation, displaying ttyC1 as before.

 it will often come back if you cycle through another suspend/resume
 with fn-f4.

Indeed, in console mode, suspend/resume using Fn-F4 works for me, too.
As i fail to reproduce the particular problem reported by Mark,
i cannot comment on the advice given by [EMAIL PROTECTED]

 the suspend via terminal technique comes back always...
 I had four crashes when suspending from X

When starting xdm from the root command line, i just got the
following messages:

[EMAIL PROTECTED] # xdm
ugen0 detached
ugen0 at uhub3 port 1 Actiontec Electronics product 0x0441 rev. 1.10/5.46 addr
ugen0 detached
ugen0 at uhub3 port 1 Actiontec Electronics product 0x0441 rev. 1.10/5.46 addr

After that, suspend/resume in console mode still works, both by Fn-F4
and by closing and reopening the LCD.  But when i switch to X (Alt-F5)
and try to suspend from there (using either Fn-F4 or closing the LCD),
several things happen:
 1. The display of the X desktop vanishes.
 2. For a fraction of a second, a pattern of broken white
lines is displayed.
 3. Then i see the lone blinking cursor expected on ttyC4
when X is not running (hugh?).
 4. The ThinkPad does NOT switch to suspend mode (the moon symbol),
but stays in active mode (the zig-zag-symbol below the LCD).
 5. Strg-Alt-F2 and Fn-F4 have no visible effect any more.
 6. BUT, having machdep.kbdreset=1, Strg-Alt-Entf still
initiates a proper shutdown sequence, even bringing the
console display back:

syncing disks... done
The operating system has halted.
Please press any key to reboot.

Thus, i strongly suspect that suspend is NOT crashing the OS,
but that instead this is merely (?) a problem with video modes.
But don't ask me for details, i do not feel fit to explain anything
about the switching of VGA video modes.

Is there anything i can do to help figuring this out?
  Ingo


OpenBSD 4.2-current (GENERIC) #65: Mon Oct 15 16:36:09 CEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1700MHz (GenuineIntel 686-class) 1.70 
GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,EST,TM2
real mem  = 1072656384 (1022MB)
avail mem = 1029431296 (981MB)
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 10/13/05, BIOS32 rev. 0 @ 0xfd750, SMBIOS 
rev. 2.33 @ 0xe0010 (61 entries)
bios0: vendor IBM version 1RETDNWW (3.19 ) date 10/13/2005
bios0: IBM 2373GKG
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6e0/0x920
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #6 is the last bus
bios0: ROM list: 0xc0000/0x10000 0xdc000/0x4000! 0xe0000/0x10000
cpu0 at mainbus0
cpu0: Enhanced SpeedStep 1700 MHz (1484 mV): speeds: 1700, 1400, 1200, 1000, 
800, 600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82855PE Hub rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82855PE AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 vendor ATI, unknown product 0x4e54 rev 0x80
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 11
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0 Intel EHCI root hub rev 2.00/1.00 addr 1
ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x81
pci2 at ppb1 

Re: Strange em(4) issues

2007-12-01 Thread Chris Cappuccio
i've got a pair of h8ssl-i boards that work fine at 133mhz.  i have
another set that i run at 66mhz, but only because that's the max the raid
controller supports (some kind of LSI card.  i like the areca better though)

bge shows up as:

bge0 at pci2 dev 3 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 
(0x2100): irq 5, address 00:30:48:56:68:d4
brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci2 dev 3 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 
(0x2100): irq 9, address 00:30:48:56:68:d5
brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0

Stuart Henderson [EMAIL PROTECTED] wrote:
 On 2007/11/30 09:57, Girish Venkatachalam wrote:
  On 20:47:57 Nov 29, Stuart Henderson wrote:
   
   Been there, done that. If you use plaintext protocols (ftp or so)
   over the interface, you'll see random corruption visible in the
   data (e.g. directory listings).
   
   At 133MHz there's some corruption between motherboard and card.
   Disappears at 66MHz.
   
   Normally this would be masked by TCP checksums (you'd get packet
   loss, but it would mostly be corrected rather than pass corrupt
   packets up the stack), but the em(4) does offload TCP checksum
   processing to the card, so the checksum no longer covers the
   transfer over the PCI bus, hence the weird protocol errors.
  
  TCP checksums or for that matter any checksum cannot catch *all* errors.
 
 Agreed, hence the 'mostly'.
 
  Since there is a MAC computation for every packet, this will easily help
  you identify the problem.
 
 With this happening, you're lucky to get an ftp banner through without
 corruption, I don't think I ever had an SSH session setup.
 
 I already have two workarounds, one is to use the old quad em(4) with
 the IBM(Tundra) bridge (which work ok at 64x133 but the RJ45 sockets
 are the wrong way up to latch correctly in some of Supermicro's 1U cases),
 the other is to use the newer cards (Pericom bridge) at 66MHz.
 
 I haven't heard of this happen on other systems (and other 64x133 cards
 work), I suspect it's a hardware problem between H8SSL and the Pericom
 bridge chip.

-- 
Those who can, do.
Those who can't, sue.



Dumb 486: Install From Hard Drive?

2007-12-01 Thread L

Hello from Alberta (waving to Theo, Bob, and others),

This email was meant to be short, but it is long. I apologize. Sigh.

I have a few dumb 100MHZ to 133MHZ AMD 486/586 portable computers with 
PCMCIA cards and 8MB-56MB of RAM that I'm absolutely determined to turn 
into OpenBSD servers this weekend or this week. They have no floppy, no 
CDROM, no fans (quiet closet servers). They have old style PCMCIA 
(16bit? no bumps), a serial port, 640x480 screen, and an IDE hard drive. 
I have compatible pcmcia network cards that fit into them, and even 
telephone modems.


Options for installing OpenBSD? The docs tell me about cdrom/floppy 
installs, which sadly I don't have on this dumb 486..
And if network install isn't possible? (I have to study my pcmcia cards 
and bios more to know if this is the case)..


Well I have installed Linux successfully before for these devices using 
a trick:
I took the hard drive out, put it into a computer that *does* have a 
cdrom or floppy.. install linux on it. When done installing, transport 
the hard drive back to dumb device, and it magically boots with a 
mem=8MB boot param and possibly other params to fool it. Then I proceed 
to setting up the hardware that is different from the PC it was 
installed on, once I'm logged in.  And yes it did actually boot and log 
in, don't know if it was random luck but I didn't think it would work.


Is there an easier way to install OpenBSD than this method of borrowing 
another PC for the initial install? I can copy files onto the hard 
drives first.. that's not a problem. The computers can already boot into 
Windows 95, Windows 98, or Dos, or Linux.. but most contain Win95. I can 
easily stick files on them within Windows network or with a USB to IDE 
converter I have.


I was thinking if there was some program that I could modify the 
partitions in Windows 95 with and create some bootable master OpenBSD 
MBR.. I had this tool where I could access Linux partitions from within 
Total Commander on windows once but don't think it was for bsd.


Partition Magic even came to mind, since it can create BSD partitions 
AFAIK from within a Winblows system.. although I have to see if it 
creates openbsd compatible ones. Again, I'm clueless here and would like 
to know if there are alternatives to partition magic like an bsd capable 
fdisk tool that I could screw with from within dos or win95. Or, even I 
could use linux to start off with, but most have Win95 already on them.


Destroying the hard drive is OKAY.. no important data. I can always get 
them running again by formatting them through my USB to IDE tool or by 
accessing them as slaves in another desktop. I'm okay with hurting 
myself and the hard drives in the process.


I have to find some documentation on my PCMCIA cards to see if network 
install is possible. I've never done network install before and am 
clueless whether my devices could do such a PXE style install. They are 
EtherLink 3C589C 10 base T cards and not the newer cardbus/32bit style. 
Even if they do support network install, I'd like to know if there are 
other ways to install OpenBSD from a hard drive directly, using some 
sort of Dos trick or MBR trick, if there is no floppy/cd available.


Best Regards,
L505 (Lars)



Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]

2007-12-01 Thread Ingo Schwarze
Jonathan Thornburg wrote on Sat, Dec 01, 2007 at 11:30:41PM +:

 I have a more favorable experience to report, albeit on a T41p:

Me too using a T41p, so let's compare.  See also my other post.

 With 4.2 (both -release and now -stable), suspend works perfectly.
 [Under 4.1 suspend would hang the system unless I switched to the
 'vesa' Xorg driver; this was workable, but meant I lost any hardware
 video acceleration.]

4.1 not tested, don't remember exact details about 4.2-release,
4.2-stable not tested.

 Some details:
 IBM/Lenovo ThinkPad T41p, model 2373-221

IBM Thinkpad T41p (Type 2373-GKG S/N 99-95BGD 04/12)

 I have *only* OpenBSD on the disk, with no DOS or IBM recovery partition
   (I wiped the latter to give more space for OpenBSD)

Me too (ooops... i did not even notice any IBM recovery partition
while installing OpenBSD... Seems i wanted to get rid of Windows XP asap :).

 Suspend works fine via either Fn-F4 or 'zzz', under console or under X.
 X autoconfigures (I do *not* have an /etc/X11/xorg.conf) to 1400x1050
[...]

Yes, that's the hardware panel size reported by the BIOS.

 X restores the screen display fine after a suspend/resume cycle.

Not so for me.
As i said in my previous posting, it does not even suspend for me.
(unless... see below.)

Apparently, the xorg.conf file changes nothing.  Usually, i have
xorg.conf in use because some idi^H^H^H nice guy in our internal
IT department ordered german keyboards (grrr).  But without xorg.conf,
all i said in my previous posting still applies.

BUT, when i log in to X and run
  # apmd -d
in one xterm and
  # zzz
in another, the ThinkPad suspends properly
and Fn-F4 resumes properly without any video mode breakage.

In /var/log/messages, i find:

apmd: battery status: unknown.  external power status: connected. \
  estimated battery life: 0%
apmd: system resumed from APM sleep
apmd: battery status: high.  external power status: not connected. \
  estimated battery life: 100%
apmd: system resumed from APM sleep

So zzz works fine both with AC and battery, Fn-F4 and close/open LCD
work fine for both suspend and resume from X - but only if apmd is
running -, and Fn-F4 and close/open LCD work fine for suspend and resume
from console mode no matter whether apmd is running or not.  But neither
Fn-F4 nor close LCD suspend from X without apmd, instead they both
kill the video mode.

Now i suspect i should start feeling silly...
We are supposed to run apmd if we want to suspend from X, are we not?
Any rocks round here, to crawl under?

For completeness, let's compare dmesgs:

 dmesg follows:
 OpenBSD 4.2-stable (GENERIC) #1: Sat Nov 17 10:05:47 GMT 2007
 [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

OpenBSD 4.2-current (GENERIC) #65: Mon Oct 15 16:36:09 CEST 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC

 real mem  = 535785472 (510MB)
 avail mem = 510443520 (486MB)

real mem  = 1072656384 (1022MB)
avail mem = 1029431296 (981MB)

 bios0 at mainbus0: AT/286+ BIOS, date 04/07/04, BIOS32 rev. 0 @ 0xfd750, 
 SMBIOS rev. 2.33 @ 0xe0010 (61 entries)
 bios0: vendor IBM version 1RETC2WW (3.03 ) date 04/07/2004
 bios0: IBM 2373221

bios0 at mainbus0: AT/286+ BIOS, date 10/13/05, BIOS32 rev. 0 @ 0xfd750, SMBIOS 
rev. 2.33 @ 0xe0010 (61 entries)
bios0: vendor IBM version 1RETDNWW (3.19 ) date 10/13/2005
bios0: IBM 2373GKG

 bios0: ROM list: 0xc0000/0x10000 0xd0000/0x1000 0xd1000/0x1000 
 0xdc000/0x4000! 0xe0000/0x10000

bios0: ROM list: 0xc0000/0x10000 0xdc000/0x4000! 0xe0000/0x10000

 wd0: 16-sector PIO, LBA, 57231MB, 117210240 sectors

wd0: 16-sector PIO, LBA, 53522MB, 109614447 sectors

 cd0 at scsibus0 targ 0 lun 0: TOSHIBA, DVD-ROM SD-R9012, 1121 SCSI0 5/cdrom 
 removable

cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, RW/DVD GCC-4242N, 0201 SCSI0 5/cdrom 
removable

spdmem0 at iic0 addr 0x50: 512MB DDR SDRAM non-parity PC2700CL2.5
spdmem1 at iic0 addr 0x51: 512MB DDR SDRAM non-parity PC2700CL2.5
spdmem2 at iic0 addr 0x55: unknown

 fdc0 at isa0 port 0x3f0/6 irq 6 drq 2

don't have any



Re: Dumb 486: Install From Hard Drive?

2007-12-01 Thread Ray Percival

On Dec 1, 2007, at 4:10 PM, L wrote:


snip


yaifo.fs or pxe boot if the NICs in question support it. The docs for  
that are in the FAQ. I rather doubt your NICs do, the readme that  
you'll get when you grab the source explains how to do just what you  
want.


http://erdelynet.com/?s=yaifo



Re: Dumb 486: Install From Hard Drive?

2007-12-01 Thread Marco Peereboom
If you can't netboot the best way of getting it going is using the hdd in
one chassis for install and then move it to the desired machine
afterwards.  This is way easier in openbsd than in linux.

8mb won't work for openbsd without trickery that you want to get near.
I believe these days 24 is about the lower limit.  Nick correct me if I
am wrong.

On Sat, Dec 01, 2007 at 05:10:50PM -0700, L wrote:
 Hello from Alberta (waving to Theo, Bob, and others),

 This email was meant to be short, but it is long. I apologize. Sigh.

 I have a few dumb 100MHZ to 133MHZ AMD 486/586 portable computers with 
 PCMCIA cards and 8MB-56MB of RAM that I'm absolutely determined to turn 
 into OpenBSD servers this weekend or this week. They have no floppy, no 
 CDROM, no fans (quiet closet servers). They have old style PCMCIA (16bit? 
 no bumps), a serial port, 640x480 screen, and an IDE hard drive. I have 
 compatible pcmcia network cards that fit into them, and even telephone 
 modems.

 Options for installing OpenBSD? The docs tell me about cdrom/floppy 
 installs, which sadly I don't have on this dumb 486..
 And if network install isn't possible? (I have to study my pcmcia cards and 
 bios more to know if this is the case)..

 Well I have installed Linux successfully before for these devices using a 
 trick:
 I took the hard drive out, put it into a computer that *does* have a cdrom 
 or floppy.. install linux on it. When done installing, transport the hard 
 drive back to dumb device, and it magically boots with a mem=8MB boot param 
 and possibly other params to fool it. Then I proceed to setting up the 
 hardware that is different from the PC it was installed on, once I'm logged 
 in.  And yes it did actually boot and log in, don't know if it was random 
 luck but I didn't think it would work.

 Is there an easier way to install OpenBSD than this method of borrowing 
 another PC for the initial install? I can copy files onto the hard drives 
 first.. that's not a problem. The computers can already boot into Windows 
 95, Windows 98, or Dos, or Linux.. but most contain Win95. I can easily 
 stick files on them within Windows network or with a USB to IDE converter I 
 have.

 I was thinking if there was some program that I could modify the partitions 
 in Windows 95 with and create some bootable master OpenBSD MBR.. I had this 
 tool where I could access Linux partitions from within Total Commander on 
 windows once but don't think it was for bsd.

 Partition Magic even came to mind, since it can create BSD partitions AFAIK 
 from within a Winblows system.. although I have to see if it creates 
 openbsd compatible ones. Again, I'm clueless here and would like to know if 
 there are alternatives to partition magic like a bsd capable fdisk tool 
 that I could screw with from within dos or win95. Or, even I could use 
 linux to start off with, but most have Win95 already on them.

 Destroying the hard drive is OKAY.. no important data. I can always get 
 them running again by formatting them through my USB to IDE tool or by 
 accessing them as slaves in another desktop. I'm okay with hurting myself 
 and the hard drives in the process.

 I have to find some documentation on my PCMCIA cards to see if network 
 install is possible. I've never done network install before and am clueless 
 whether my devices could do such a PXE style install. They are EtherLink 
 3C589C 10 base T cards and not the newer cardbus/32bit style. Even if they 
 do support network install, I'd like to know if there are other ways to 
 install OpenBSD from a hard drive directly, using some sort of Dos trick or 
 MBR trick, if there is no floppy/cd available.

 Best Regards,
 L505 (Lars)



Re: Dumb 486: Install From Hard Drive?

2007-12-01 Thread Steve Shockley

L wrote:
Well I have installed Linux successfully before for these devices using 
a trick:
I took the hard drive out, put it into a computer that *does* have a 
cdrom or floppy.. install linux on it. When done installing, transport 


That should work fine, as long as the two machines see the drives with 
the same geometry.  OpenBSD isn't hardware-specific; an install on one 
i386 should work on almost any i386.


The 8mb may be a problem, I haven't tried it.  I think there's something 
in the FAQ.





Re: help with pf

2007-12-01 Thread Preston Norvell
On 2007/12/01 3:04 PM, Aaron [EMAIL PROTECTED] muttered eloquently:

I believe I see the issue with general traffic flow.  The clue being that
you are being blocked by the generic block drop in log rule (you can get
rule numbers with 'pfctl -vvsr').  You have the destination port on the
source side of the rules.  See below...

<snip/>
 lan_net = 172.16.10.0/24
 set skip on lo
 #set state-policy if-bound
 scrub in
 nat-anchor ftp-proxy/*
 rdr-anchor ftp-proxy/*
 rdr log on fxp0 inet proto { tcp udp } from 192.168.3.96/27 to carp0
 port 5900:5905 -> 172.16.10.26
 rdr on fxp3 proto tcp from $lan_net to any port 21 -> 127.0.0.1 port 8021
 nat log on fxp0 from $lan_net to any -> carp0
 pass in on fxp0
 pass out on fxp3
 block in log on fxp3
 pass out on fxp0 from $lan_net to any
 pass in on fxp3 inet proto tcp from $lan_net port { ssh www ntp https
 smtp imap imaps domain } to any
This should be:
pass in on fxp3 inet proto tcp from $lan_net to any port  { ssh www ntp
https smtp imap imaps domain } modulate state
 #pass in on fxp3 inet proto tcp from $lan_net port { ssh www ntp https
 smtp imap imaps domain } to any no state
 pass in on fxp3 inet proto udp from $lan_net port { domain ntp } to any
This should be:
pass in on fxp3 inet proto udp from $lan_net to any port  { domain ntp }
 pass in on fxp3 inet proto icmp from $lan_net to any

<snip/>

I'd probably do it a little different however, changing the pass out on fxp0
and pass in on fxp3 to:
pass out quick on fxp0 proto tcp from $lan_net to any modulate state
pass out quick on fxp0 proto { udp, icmp } from $lan_net to any keep state
pass out quick on fxp3 keep state
pass in quick on fxp3 proto tcp from $lan_net to any port { ssh www ntp
https smtp imap imaps domain } keep state
pass in quick on fxp3 proto udp from $lan_net to any port { domain ntp }
keep state

That may have more to do with my own mental logic and configuration style
than any real change in efficacy.

In general I find it most logical to put the general block rule(s) at the
top of the list and then pass/block quick thereafter.  That's largely a
personal choice first and out logic fits my brain best, but as your ruleset
grows it can also impact performance since the entire list of rules does not
necessarily have to be processed on all packets.

;P mn
--
Preston M Norvell [EMAIL PROTECTED]
Systems/Network Administrator
Serials Solutions http://www.serialssolutions.com
Phone:  (866) SERIALS (737-4257) ext 1094
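To make the point of Preston's fix concrete, here is an added example (not code from the thread or from pf itself): a small Python model of pf's rule evaluation, in which the last matching rule wins unless a matching rule carries `quick`, and a packet that matches nothing passes. It runs a constructed LAN-to-HTTPS packet through Aaron's original fxp3 rules, Preston's corrected rule, and the block-first-then-`quick` style he prefers. Port numbers for the service names, the ephemeral source port and the destination address are assumed; only `$lan_net`, the interface name and the rule shapes come from the thread.

```python
"""
Minimal model of pf rule selection (added example, not the thread's code).
pf walks rules top to bottom; the LAST matching rule decides, unless a
matching rule says 'quick', which stops the walk immediately.  If nothing
matches, the packet passes.  Only the fields that matter for this thread
are modelled: direction, interface, protocol, source net, source/dest port.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN_NET = ipaddress.ip_network("172.16.10.0/24")   # $lan_net from the thread


@dataclass
class Packet:
    direction: str          # "in" or "out"
    iface: str
    proto: str              # "tcp", "udp" or "icmp"
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


@dataclass
class Rule:
    action: str                                   # "pass" or "block"
    direction: str
    iface: str
    proto: Optional[str] = None                   # None: any protocol
    src_net: Optional[ipaddress.IPv4Network] = None
    sports: Optional[frozenset] = None            # 'from ... port {...}'
    dports: Optional[frozenset] = None            # 'to ... port {...}'
    quick: bool = False

    def matches(self, p: Packet) -> bool:
        if self.direction != p.direction or self.iface != p.iface:
            return False
        if self.proto is not None and self.proto != p.proto:
            return False
        if self.src_net is not None and ipaddress.ip_address(p.src) not in self.src_net:
            return False
        if self.sports is not None and p.sport not in self.sports:
            return False
        if self.dports is not None and p.dport not in self.dports:
            return False
        return True


def evaluate(rules, p: Packet) -> str:
    """Return 'pass' or 'block' for p under last-match-wins plus 'quick'."""
    verdict = "pass"                 # pf's default when no rule matches
    for r in rules:
        if r.matches(p):
            verdict = r.action
            if r.quick:
                break
    return verdict


# Assumed port numbers for the service names used in the thread.
SERVICES = frozenset({22, 80, 123, 443, 25, 143, 993, 53})

# Aaron's fxp3 rules as posted: the port list is on the SOURCE side, so a
# client's random ephemeral source port never matches it.
ORIGINAL = [
    Rule("block", "in", "fxp3"),
    Rule("pass", "in", "fxp3", "tcp", LAN_NET, sports=SERVICES),
    Rule("pass", "in", "fxp3", "icmp", LAN_NET),
]

# Preston's correction: the port list moves to the DESTINATION side.
CORRECTED = [
    Rule("block", "in", "fxp3"),
    Rule("pass", "in", "fxp3", "tcp", LAN_NET, dports=SERVICES),
    Rule("pass", "in", "fxp3", "icmp", LAN_NET),
]

# Preston's preferred style: generic block first, then 'quick' passes, so
# evaluation stops at the first pass instead of scanning the whole list.
QUICK_STYLE = [
    Rule("block", "in", "fxp3"),
    Rule("pass", "in", "fxp3", "tcp", LAN_NET, dports=SERVICES, quick=True),
]

# Constructed sample: a LAN host opening an HTTPS connection outward.
LAN_HTTPS = Packet("in", "fxp3", "tcp", "172.16.10.26", 51234, "203.0.113.10", 443)


def verdicts():
    """Verdict for the same packet under each of the three rulesets."""
    return {
        "original": evaluate(ORIGINAL, LAN_HTTPS),
        "corrected": evaluate(CORRECTED, LAN_HTTPS),
        "quick": evaluate(QUICK_STYLE, LAN_HTTPS),
    }


if __name__ == "__main__":
    for name, v in verdicts().items():
        print(f"{name:>9}: {v}")
```

Running it shows the original ruleset falling through to `block in log on fxp3`, exactly the rule Aaron saw in `pfctl -vvsr`, while both corrected variants pass the packet; a packet from outside `$lan_net` or to a port not in the list is still blocked by the corrected rules.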



Re: help regarding peer guardian

2007-12-01 Thread ropers
On 02/12/2007, Jon [EMAIL PROTECTED] wrote:
 hi

  what is the closest package that help me implement peer guardian for
 OpenBSD ?

 hm

( First, let me apologize to all the people that sent really helpful
replies to some earlier unrelated emails I sent -- I've got 255 unread
conversations in Gmail, but I haven't forgotten. )

The Linux equivalent of peerguardian is moblock. ( http://moblock.berlios.de/ )
However, moblock uses netfilter/iptables (
http://en.wikipedia.org/wiki/Netfilter/iptables ), while OpenBSD uses
PF. This means that porting moblock to OpenBSD would probably be
non-trivial, and it might even be easier to write a work-alike
application/PF-ruleset from scratch.

--ropers



Re: help with pf

2007-12-01 Thread Aaron

Preston Norvell wrote:

On 2007/12/01 3:04 PM, Aaron [EMAIL PROTECTED] muttered eloquently:

I believe I see the issue with general traffic flow.  The clue being that
you are being blocked by the generic block drop in log rule (you can get
rule numbers with 'pfctl -vvsr').  You have the destination port on the
source side of the rules.  See below...

<snip/>
  

lan_net = 172.16.10.0/24
set skip on lo
#set state-policy if-bound
scrub in
nat-anchor ftp-proxy/*
rdr-anchor ftp-proxy/*
rdr log on fxp0 inet proto { tcp udp } from 192.168.3.96/27 to carp0
port 5900:5905 -> 172.16.10.26
rdr on fxp3 proto tcp from $lan_net to any port 21 -> 127.0.0.1 port 8021
nat log on fxp0 from $lan_net to any -> carp0
pass in on fxp0
pass out on fxp3
block in log on fxp3
pass out on fxp0 from $lan_net to any
pass in on fxp3 inet proto tcp from $lan_net port { ssh www ntp https
smtp imap imaps domain } to any


This should be:
pass in on fxp3 inet proto tcp from $lan_net to any port  { ssh www ntp
https smtp imap imaps domain } modulate state
  

#pass in on fxp3 inet proto tcp from $lan_net port { ssh www ntp https
smtp imap imaps domain } to any no state
pass in on fxp3 inet proto udp from $lan_net port { domain ntp } to any


This should be:
pass in on fxp3 inet proto udp from $lan_net to any port  { domain ntp }
  

pass in on fxp3 inet proto icmp from $lan_net to any



<snip/>


I'd probably do it a little different however, changing the pass out on fxp0
and pass in on fxp3 to:
pass out quick on fxp0 proto tcp from $lan_net to any modulate state
pass out quick on fxp0 proto { udp, icmp } from $lan_net to any keep state
pass out quick on fxp3 keep state
pass in quick on fxp3 proto tcp from $lan_net to any port { ssh www ntp
https smtp imap imaps domain } keep state
pass in quick on fxp3 proto udp from $lan_net to any port { domain ntp }
keep state

That may have more to do with my own mental logic and configuration style
than any real change in efficacy.

In general I find it most logical to put the general block rule(s) at the
top of the list and then pass/block quick thereafter.  That's largely a
personal choice first and out logic fits my brain best, but as your ruleset
grows it can also impact performance since the entire list of rules does not
necessarily have to be processed on all packets.

;P mn
--
Preston M Norvell [EMAIL PROTECTED]
Systems/Network Administrator
Serials Solutions http://www.serialssolutions.com
Phone:  (866) SERIALS (737-4257) ext 1094

  

Wow, I feel stupid.  Thanks for that.

The rule set that i used was for testing purposes only and doesn't 
reflect anything close to what my final rule set will look like.  I just 
thought i'd take a stepwise approach to setting things up making sure I 
could get one thing at a time working..   


Thanks again,

Aaron



Re: Dumb 486: Install From Hard Drive?

2007-12-01 Thread L

Marco Peereboom wrote:

If you can't netboot the best way of getting it going is using the hdd in
one chassis for install and then move it to the desired machine
afterwards.  This is way easier in openbsd than in linux.

  

This is what I will do right now on a 16MB machine just for the experience.
It seems partition magic only creates linux partitions AFAICT.


8mb won't work for openbsd without trickery that you don't want to get near.
I believe these days 24 is about the lower limit.  Nick correct me if I
am wrong.

  

I'm in luck.. 16MB is what I have on the machine I'm currently working with.

I do have some machines with 8MB but the good news is that those 
machines I can upgrade since I have plenty of 16MB addon modules, and 
since they can hold two extra modules that means a total of about 40mb.


L505



Re: Strange em(4) issues

2007-12-01 Thread NetOne - Doichin Dokov

Chris Cappuccio wrote:

i've got a pair of h8ssl-i boards that work fine at 133mhz.  i have
another set that i run at 66mhz, but only because that's the max the raid
controller supports (some kind of LSI card.  i like the areca better though)

bge shows up as:

bge0 at pci2 dev 3 function 0 Broadcom BCM5704C rev 0x10, BCM5704 B0 
(0x2100): irq 5, address 00:30:48:56:68:d4
brgphy0 at bge0 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
bge1 at pci2 dev 3 function 1 Broadcom BCM5704C rev 0x10, BCM5704 B0 
(0x2100): irq 9, address 00:30:48:56:68:d5
brgphy1 at bge1 phy 1: BCM5704 10/100/1000baseT PHY, rev. 0
  
In fact, the H8-SSL-I2 docs say the jumper is for the PCI-X slot, not 
for the PCI-X bus, so I guess the onboard BCM5704C is unaffected by its 
settings. Anyway, whether it is or is not, it surely IS working fine, 
except for the input errors Stuart pointed out he had, which I could 
confirm. I've not seen any problems with traffic flowing through them, 
though, but Stuart has.
Also, nobody claims PCI-X is not workable on a 133 MHz bus; what it 
seems like is that there's a compatibility issue between recent Intel em(4)s 
and the ServerWorks HT-1000 (or this Supermicro board). In my opinion, 
it's too bad that hardware from exactly these two brands, which are 
none-the-less big names in the server market, is unable to play 
together nicely at 133 MHz. It's a shame!


Regards,
Doichin

Stuart Henderson [EMAIL PROTECTED] wrote:
  

On 2007/11/30 09:57, Girish Venkatachalam wrote:


On 20:47:57 Nov 29, Stuart Henderson wrote:
 
  

Been there, done that. If you use plaintext protocols (ftp or so)
over the interface, you'll see random corruption visible in the
data (e.g. directory listings).

At 133MHz there's some corruption between motherboard and card.
Disappears at 66MHz.

Normally this would be masked by TCP checksums (you'd get packet
loss, but it would mostly be corrected rather than pass corrupt
packets up the stack), but the em(4) does offload TCP checksum
processing to the card, so the checksum no longer covers the
transfer over the PCI bus, hence the weird protocol errors.


TCP checksums or for that matter any checksum cannot catch *all* errors.
  

Agreed, hence the mostly.



Since there is a MAC computation for every packet, this will easily help
you identify the problem.
  

With this happening, you're lucky to get an ftp banner through without
corruption, I don't think I ever had an SSH session setup.

I already have two workarounds, one is to use the old quad em(4) with
the IBM(Tundra) bridge (which work ok at 64x133 but the RJ45 sockets
are the wrong way up to latch correctly in some of Supermicro's 1U cases),
the other is to use the newer cards (Pericom bridge) at 66MHz.

I haven't heard of this happen on other systems (and other 64x133 cards
work), I suspect it's a hardware problem between H8SSL and the Pericom
bridge chip.
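Stuart's point about checksum offload moving the boundary of what the TCP checksum protects, as an added example that is not part of the thread: the Internet checksum (RFC 1071) computed either in software before the data crosses the host bus or on the card after it. The "bus" is a constructed function that flips one bit, standing in for the corruption he saw at 133 MHz; the FTP listing line is constructed too. The last function illustrates Girish's caveat that no checksum catches every error.

```python
"""
Added example: where the Internet checksum is computed decides what it
covers.  Normal path: host checksums -> bus -> NIC -> wire -> receiver,
so bus corruption is detected at the far end.  Offload path: host -> bus
-> NIC checksums -> wire -> receiver, so the NIC checksums data that is
already corrupt and the receiver accepts it.  'flaky_bus' is a stand-in
for the PCI-X transfer, not a model of any real hardware fault.
"""


def inet_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words (odd length padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def verify(data: bytes, checksum: int) -> bool:
    """Receiver-side check: data followed by its checksum must sum to zero."""
    return inet_checksum(data + checksum.to_bytes(2, "big")) == 0


def flaky_bus(data: bytes, bit: int) -> bytes:
    """Constructed stand-in for a corrupting bus transfer: flips one bit."""
    buf = bytearray(data)
    buf[bit // 8] ^= 1 << (bit % 8)
    return bytes(buf)


# Constructed payload: one line of a plaintext FTP directory listing.
PAYLOAD = b"drwxr-xr-x  2 ftp ftp 512 Nov 30 12:00 pub\r\n"


def host_checksum_path(bit: int = 17) -> bool:
    """Checksum computed in software before the bus; the receiver rejects
    the corrupted segment (returns False)."""
    csum = inet_checksum(PAYLOAD)
    on_wire = flaky_bus(PAYLOAD, bit)
    return verify(on_wire, csum)


def offload_path(bit: int = 17) -> bool:
    """Checksum computed by the NIC after the bus; the receiver accepts
    silently corrupted data (returns True)."""
    on_card = flaky_bus(PAYLOAD, bit)
    csum = inet_checksum(on_card)
    return verify(on_card, csum)


def undetected_word_swap() -> bool:
    """Girish's caveat: ones'-complement addition is commutative, so two
    16-bit words exchanged in transit leave the checksum unchanged and the
    corruption passes even on the non-offload path (returns True)."""
    csum = inet_checksum(PAYLOAD)
    swapped = PAYLOAD[2:4] + PAYLOAD[0:2] + PAYLOAD[4:]
    return swapped != PAYLOAD and verify(swapped, csum)


if __name__ == "__main__":
    print("host checksum, corrupted on bus -> accepted:", host_checksum_path())
    print("NIC checksum,  corrupted on bus -> accepted:", offload_path())
    print("word swap, host checksum        -> accepted:", undetected_word_swap())
```

This is why Stuart's symptoms were application-level garbage rather than retransmissions: with offload enabled the checksum is generated downstream of the fault, so the only checks that still cover the bus transfer are the ones the application itself carries (an SSH MAC, a TLS record tag, a file hash).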




Re: Dumb 486: Install From Hard Drive?

2007-12-01 Thread Nick Holland
L wrote:
 Marco Peereboom wrote:
  If you can't netboot the best way of getting it going is using the hdd in
 one chassis for install and then move it to the desired machine
 afterwards.  This is way easier in openbsd than in linux.

   
 This is what I will do right now on a 16MB machine just for the experience.
 It seems partition magic only creates linux partitions AFAICT.
 
  8mb won't work for openbsd without trickery that you don't want to get near.
 I believe these days 24 is about the lower limit.  Nick correct me if I
 am wrong.

   
 I'm in luck.. 16MB is what I have on the machine I'm currently working with.
 
 I do have some machines with 8MB but the good news is that those 
 machines i can upgrade since I have plenty of 16MB addon modules, and 
 since they can hold two extra modules that means total of about 40mb.
 
 L505

Good.  Do it. :)

As Marco and others pointed out, 8M doesn't even come close today. Last
I tried 16M, you were into swap just sitting at a shell prompt on a default
install, so actually DOING anything with it will be unpleasant.

32M will be far less frustrating.  I'd not recommend a smaller amount of
memory to a new user.

As for the install, the Linux process you described was a relative nightmare.
With OpenBSD, assuming non-stupid BIOSs on both ends, you just install
on machine X and move disk to Y, and it boots fully multi-user.  The
only thing left to do is reconfigure your network, IF NEEDED.  If you
plan ahead and put a compatible NIC in the load machine, you don't
even have to do that.  Do that a couple times after a hardware failure,
you will have trouble believing that any OS you can't do that on is
taken seriously.  (of course, if you are running DHCP, your machines
probably have different MAC addresses and thus, will probably get
different IP addresses.)

(back when we were testing the new boot loader which is so wonderfully
indifferent to drive geometry or translation, that's one of the things
I did: load up a disk, then move it from machine to machine.  Not only
does it Just Work by design, but also in practice.  About the only time
I found that WASN'T the case was working with some really old Soekris
boxes.  A BIOS update on the Soekris fixed the problem nicely, I'm not
sure that Soekris box was even capable of booting the device I gave it
even if it was natively loaded).

IF you can put an IDE drive in a machine, you can almost certainly work
a CDROM onto it, if not in it, by using spare cables, though a 486-class
machine will probably not boot from CD.  I'd be surprised if there
wasn't a floppy disk interface in there someplace, too.

Nick.



Re: Dumb 486: Install From Hard Drive?

2007-12-01 Thread L

Nick Holland wrote:

If you can't netboot the best way of getting it going is using the hdd in

one chassis for install and then move it to the desired machine
afterwards.  This is way easier in openbsd than in linux.
 
  
This is what I will do right now on a 16MB machine just for the 
experience.

It seems partition magic only creates linux partitions AFAICT.
   

Good.  Do it. :)

  


It's basically done.. just waiting for the ftp to finish. I chose FTP 
install and yes my 3c589c works fine.  I shouldn't have chosen ftp 
because I'm putting load on Theo's servers and I'll have to send him or 
the foundation at least 50 bucks or a pizza with stacks upon stacks of 
toppings worth that.


The only thing that ticked me off was my silly laptop that I'm using as 
the bootstrap install chassis required I go into the bios settings and 
set the PCMCIA card to PCIC compatible.  The other available setting 
caused the PCMCIA card not to be detected. I guess Winblows somehow 
works around this when it boots up.. setting PCIC mode once it is 
booted. No big deal though.


Has anyone made a cute ncurses style installer for openbsd, BTW? I don't 
need one personally.. the script did its job well. But it might make 
OpenBSD more popular if some cute newbieish TUI (text user interface) 
installer was available.




As Marco and others pointed out, 8M doesn't even come close today. Last
I tried 16M, you were into swap just sitting at a shell prompt on a 
default

install, so actually DOING anything with it will be unpleasant.

  
Well maybe I'll download BSD 3.X too or research a BSD that will work 
better on such a minimal system..



32M will be far less frustrating.  I'd not recommend a smaller amount of
memory to a new user.

  
I will not be installing X.. I will uninstall or not install as much as 
possible and only will be placing a 50KB web server on it handwritten by 
me and my BSD buddy from Brazil ;-)  No perl or awk if at all possible.. 
hopefully no apps require that bloat in the default openbsd 
installation. Not even apache will be used and I will even uninstall vi 
and whatever editors are on it since I can edit everything using the 
webserver and a few cgi progs of mine.


But later when I get a clue and admit reality, I'll throw it on a 
pentium 600mhz box with 500MB of ram.



IF you can put an IDE drive in a machine, you can almost certainly work
a CDROM onto it, if not in it, by using spare cables, though a 486-class
machine will probably not boot from CD.  I'd be surprised if there
wasn't a floppy disk interface in there someplace, too.
  
There is a floppy interface.. but it requires a port replicator... I 
could solder one of my own up (been there before..) but don't have the 
patience this weekend. It's actually a laptop style hard drive, I guess 
that is not called IDE..


There are these converter cables you can buy that make regular IDE hard 
drives work as laptop IDEs which is cool (and vice versa is more common, 
which you probably know about..) and you have to have a 12V power 
adapter ... which I happen to have.. I just don't have the cable 
conversion thing that makes the regular IDE style drive become laptop 
capable. That I suppose could be crimped myself but ebay has them too. 
However, for now, the laptop with a floppy drive as the bootstrap 
chassis is working great.. still waiting on the FTP ;-)


L505



This list: CC and TO fields

2007-12-01 Thread L
When I reply to the group.. it puts the person's address and the group's 
address in TO/CC fields.


Is it possible for the server to just send mail to the TO field to the 
group only, and not have a CC ?


Is this on purpose, so that in case the list is ever down, the person 
gets the mail anyway?


On my mailing lists that I manage I always turn this option off.. so 
that anyone who replies to the list only replies to the list but not the 
actual person too.

Not a big deal, just wondering if this is by design and on purpose

L505



Re: This list: CC and TO fields

2007-12-01 Thread NetOne - Doichin Dokov

L wrote:
When I reply to the group.. it puts the person's address and the 
group's address in TO/CC fields.


Is it possible for the server to just send mail to the TO field to the 
group only, and not have a CC ?


Is this on purpose, so that in case the list is ever down, the person 
gets the mail anyway?


On my mailing lists that I manage I always turn this option off.. so 
that anyone who replies to the list only replies to the list but not 
the actual person too.

Not a big deal, just wondering if this is by design and on purpose

L505

Don't know about this mailing list in particular, but it's often done
this way because sometimes people not on the mailing list occasionally
send a mail to it without being subscribed to it. This makes sure they
get all the related posts, though with the downside of subscribers of
the mailing list getting 2 mails for each reply on a thread they've
started.



Re: OpenBSD for routing firewalling a 100Mbit/s connection

2007-12-01 Thread NetOne - Doichin Dokov

Carl Roberso wrote:

NetOne - Doichin Dokov wrote:
  

The BGP problem is solved by doing this:




Thank you very much Doichin for pointing this out: all of you was so
helpful!

Best wishes!rt
  

You're more than welcome!

In fact, we also use a bit more complicated BGP setup. Don't know if it 
would be of any help for you, but I'll describe it here just for the 
thread to be complete in case anyone starts digging :)
The configuration I described in my previous post (3 IPs per upstream 
provider, 2 dedicated, 1 CARP-shared) works flawlessly, BUT traffic goes 
only through one of the routers at a time. As we were not just routing, 
but also doing a lot of shaping, we wanted to load-balance things and 
make both of the systems do some work when they are both up.
So, the scheme grew from 3 to 4 IPs per upstream provider: 2 dedicated 
IPs, one for each firewall, and 2 CARP-shared IPs. Firewall #1 was default 
master for shared IP one, Firewall #2 was default master for shared IP two.

Let's say the IPs are:
Firewall #1

172.16.0.1 - static, not in CARP, used for BGP communication with upstream
172.16.0.3 - CARP shared, default master
172.16.0.4 - CARP shared, default slave

Firewall #2

172.16.0.2 - static, not in CARP, used for BGP communication with upstream
172.16.0.3 - CARP shared, default slave
172.16.0.4 - CARP shared, default master

Then, we told our provider to set the nexthop to 172.16.0.3 for networks we 
sent to them with a community COMM1, and to set the nexthop to 
172.16.0.4 for networks we sent to them with a community COMM2.
Then, in our BGP setup (identical on both firewalls, apart from the IP address 
/ router ID), all we had to do was mark half of the networks, which we 
wanted to go through Firewall #1 by default, with community COMM1, and 
the others, to go to Firewall #2 by default, with community COMM2.
Of course, you have to have a similar setup (though probably without 
BGP) on the internal side of the firewalls for things to work properly, 
again 2 CARP ifs, and traffic originating from the networks routed to 
Firewall #1 and Firewall #2 sent to the very same machine, otherwise you 
run into state problems, shaping problems (if you do that on the 
machines, as we do), and maybe something else I could not come up with now :)


By the way, a nice new IP loadbalance option was recently added to CARP, 
which might obsolete the setup I describe, but I've not played with that 
yet.


Whatever you choose to do, you could always come back for help in case 
you need it.


Regards,
Doichin



Re: Dumb 486: Install From Hard Drive?

2007-12-01 Thread L

I wrote:


Has anyone made a cute ncurses style installer for openbsd, BTW? I 
don't need one personally.. the script did its job well. But it might 
make OpenBSD more popular if some  cute newbieish TUI (text user 
interface) installer was available.

Replying to myself..
RTFA (read the effing archives)

http://kerneltrap.org/mailarchive/openbsd-misc/2007/9/19/263467


L505



Re: Machine will not recover from 'deep sleep' state [ IBM Thinkpad T41 ]

2007-12-01 Thread Pau Amaro-Seoane
There's no disk partition to hold suspend info, and removing power when
in the suspend state kills the suspend (i.e. when power is restored I
have to do a cold reboot with full fsck etc).  So, I conclude I must be
doing suspend-to-RAM.

yes, this is another issue... I DO have such a partition, I made it on
purpose for that aim, I did exactly what you can read in

http://www.openbsd.org/i386-laptop.html

You can use this feature with OpenBSD. Generate the partition for
hibernation using the /usr/ports/sysutils/tphdisk utility from the
ports collection. The hibernation partition requires to be a MS-DOS
partition at the beginning of the harddisk. This partition can be of
type 16 bit FAT or FAT32 (as such it is possible that a Windows
install lives in this partition).

But I don't see any difference between apm -S, apm -z (zzz). There's
always energy consumption.

Here is my dmesg in case it helps (as you can see, the hard drive
crashed the last time I tried to suspend from X, so now I am suspending
from a terminal... and also this time I have acpi enabled, but I don't
see any difference)

OpenBSD 4.2 (GENERIC) #375: Tue Aug 28 10:38:44 MDT 2007
[EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel(R) Pentium(R) M processor 1700MHz (GenuineIntel
686-class) 1.70 GHz
cpu0: 
FPU,V86,DE,PSE,TSC,MSR,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,TM,SBF,EST,TM2
real mem  = 2146398208 (2046MB)
avail mem = 2067853312 (1972MB)
User Kernel Config
UKC enable acpi
396 acpi0 enabled
UKC quit
Continuing...
mainbus0 at root
bios0 at mainbus0: AT/286+ BIOS, date 01/20/05, BIOS32 rev. 0 @
0xfd750, SMBIOS rev. 2.33 @ 0xe0010 (61 entries)
bios0: vendor IBM version 1RETDIWW (3.14 ) date 01/20/2005
bios0: IBM 23739FU
apm0 at bios0: Power Management spec V1.2
apm0: battery life expectancy 100%
apm0: AC on, battery charge high
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd6e0/0x920
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdea0/272 (15 entries)
pcibios0: PCI Interrupt Router at 000:31:0 (Intel 82371FB ISA rev 0x00)
pcibios0: PCI bus #6 is the last bus
bios0: ROM list: 0xc/0x1 0xd/0x1000 0xd1000/0x1000
0xdc000/0x4000! 0xe/0x1
cpu0 at mainbus0
cpu0: Enhanced SpeedStep 1700 MHz (1484 mV): speeds: 1700, 1400, 1200,
1000, 800, 600 MHz
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 Intel 82855PE Hub rev 0x03
ppb0 at pci0 dev 1 function 0 Intel 82855PE AGP rev 0x03
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 ATI Radeon Mobility M9 Lf rev 0x02
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
uhci0 at pci0 dev 29 function 0 Intel 82801DB USB rev 0x01: irq 11
uhci1 at pci0 dev 29 function 1 Intel 82801DB USB rev 0x01: irq 11
uhci2 at pci0 dev 29 function 2 Intel 82801DB USB rev 0x01: irq 11
ehci0 at pci0 dev 29 function 7 Intel 82801DB USB rev 0x01: irq 11
usb0 at ehci0: USB revision 2.0
uhub0 at usb0: Intel EHCI root hub, rev 2.00/1.00, addr 1
ppb1 at pci0 dev 30 function 0 Intel 82801BAM Hub-to-PCI rev 0x81
pci2 at ppb1 bus 2
cbb0 at pci2 dev 0 function 0 TI PCI4520 CardBus rev 0x01: irq 11
cbb1 at pci2 dev 0 function 1 TI PCI4520 CardBus rev 0x01: irq 11
em0 at pci2 dev 1 function 0 Intel PRO/1000MT (82540EP) rev 0x03:
irq 11, address 00:0d:60:89:7a:4d
ath0 at pci2 dev 2 function 0 Atheros AR5212 (IBM MiniPCI) rev 0x01: irq 11
ath0: AR5213 5.6 phy 4.1 rf5111 1.7 rf2111 2.3, WOR1W, address 00:05:4e:42:ea:6b
cardslot0 at cbb0 slot 0 flags 0
cardbus0 at cardslot0: bus 3 device 0 cacheline 0x8, lattimer 0xb0
pcmcia0 at cardslot0
cardslot1 at cbb1 slot 1 flags 0
cardbus1 at cardslot1: bus 6 device 0 cacheline 0x8, lattimer 0xb0
pcmcia1 at cardslot1
ichpcib0 at pci0 dev 31 function 0 Intel 82801DBM LPC rev 0x01:
24-bit timer at 3579545Hz
pciide0 at pci0 dev 31 function 1 Intel 82801DBM IDE rev 0x01: DMA,
channel 0 configured to compatibility, channel 1 configured to
compatibility
wd0 at pciide0 channel 0 drive 0: SAMSUNG HM121HC
wd0: 16-sector PIO, LBA48, 114473MB, 234441648 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 5
atapiscsi0 at pciide0 channel 1 drive 0
scsibus0 at atapiscsi0: 2 targets
cd0 at scsibus0 targ 0 lun 0: HL-DT-ST, RW/DVD GCC-4242N, 0201 SCSI0
5/cdrom removable
cd0(pciide0:1:0): using PIO mode 4, Ultra-DMA mode 2
ichiic0 at pci0 dev 31 function 3 Intel 82801DB SMBus rev 0x01: irq 11
iic0 at ichiic0
auich0 at pci0 dev 31 function 5 Intel 82801DB AC97 rev 0x01: irq
11, ICH4 AC97
ac97: codec id 0x41445374 (Analog Devices AD1981B)
ac97: codec features headphone, 20 bit DAC, No 3D Stereo
audio0 at auich0
Intel 82801DB Modem rev 0x01 at pci0 dev 31 function 6 not configured
usb1 at uhci0: USB revision 1.0
uhub1 at usb1: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb2 at uhci1: USB revision 1.0
uhub2 at usb2: Intel UHCI root hub, rev 1.00/1.00, addr 1
usb3 at uhci2: USB revision 1.0
uhub3 at usb3: Intel UHCI root hub, rev 1.00/1.00,